Privacy Policy

BBJ&K GDPR PRIVACY POLICY

BACKGROUND
a) The Controller processes Personal Data in connection with its organisation’s activities;

b) The Processor provides direct marketing services and in the course of providing those services processes Personal Data on behalf of other businesses and organisations;

c) The Controller wishes to continue to engage the services of the Processor to process Personal Data on its behalf [pursuant to the current agreement subsisting between the Controller and the Processor];

d) Article 28.3 of the EU General Data Protection Regulations provides that, where processing of Personal Data is carried out by a processor on behalf of a data controller it shall be governed by a contract that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data and categories of data subjects and the obligations and rights of the controller;

e) In compliance with the above-mentioned provisions of GDPR the Controller and Processor wish to enter into this Agreement.

BBJ&K Data Security Measures
Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities. BBJ&K holds Personal Data in respect of its clients and third parties in order to fulfil its contractual obligation to those clients and to fulfil statutory duties on behalf of itself and its clients. BBJ&K is committed to the safe processing of client data and third party data.

Personal Data is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Detailed below is an outline of the measures that we undertake to ensure the safety of Personal Data within our organisation.

1. Safe Transfer of Data
In the absence of clear guidance regarding data transfer within the UK we have assessed the safety of all our data transactions and are implementing the following changes to our processes.

a. Emails containing Personal Data sent by us to the client contacts will be encrypted

b. Documents and reports that contain Personal Data will be password protected when being transferred to the client where practical

c. Documents and reports, where appropriate, will be transferred to the client via [] rather than sent as email attachments

d. Posting of hard copy documents will be avoided if practical. The option to gather starter information online will be made available along with a rolling program of moving any current paper processes to online data capture processes where reasonably practicable.

2. Data Storage and Record Keeping
All documents will be kept in line with current legislative requirements.

IT Security and Recovery Procedures

Overview
In the event of a disaster that leads to a complete or partial shutdown of the communications or IT systems in the head office, BBJ&K have a detailed disaster recovery plan to ensure that the core priority services are maintained.

Data Resilience and Recovery
We have a remote office facility in TW16 6BD with IT facilities and the ability to set up a service centre in the event of the BBJ&K offices being inaccessible.

Current Backups, Frequency and Location

Daily Server Backup
• Full system backups occur every day to a cloud server.

• All changed data is then replicated daily to a remote server in the cloud that can be “spun up” in the event of a Disaster Recovery scenario.

• This offsite data is kept for 3 years.

In the event of a full local server failure, the cloud server would be activated in order to restore our systems.

In the event of a power failure, our internal server has an on-site backup power source which gives an approximate 4-hour window to resolve any issues.

Third Parties:
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at: http://www.google.com/privacypolicy.html.

Consent:
By agreeing to this privacy notice you are consenting to BBJ&K processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing birmingham@bbjandk.com or writing to us (see the last section for full contact details).

Your rights as a data subject:
At any point whilst BBJ&K is in possession of or processing your personal data, all data subjects have the following rights:
Right of access - You have the right to request a copy of the information that we hold about you.
Right of rectification - You have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten - In certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing - Where certain conditions apply you have a right to restrict the processing.
Right of portability - You have the right to have the data we hold about you transferred to another organisation.
Right to object - You have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling - You also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that BBJ&K refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

You can request the following information:
• Contact details of the data protection officer, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing.
• Information about your right to withdraw consent at any time.
• How to lodge a complaint with the supervisory authority (Data Protection Regulator).
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
• The source of personal data if it wasn't collected directly from you.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

*To access what personal data is held, identification will be required.

BBJ&K will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required.

Contact Details:
16-18 Newhall Hill, 10 Newhall Place, Birmingham, B13JH